Questions and Answers of
Accounting
Assume a year has passed and XYZ has improved security by applying a number of controls. Using the information from Exercise 3 and the following table, calculate the post-control ARO and ALE for each
How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?
Where can a security administrator find information on established security frameworks?
What is the ISO 27000 series of standards? Which individual standards make up the series?
What are the inherent problems with ISO 17799, and why hasn’t the United States adopted it? What are the recommended alternatives?
What documents are available from the NIST Computer Resource Center, and how can they support the development of a security framework?
What benefit can a private, for-profit agency derive from best practices designed for federal agencies?
What Web resources can aid an organization in developing best practices as part of a security framework?
Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.
What are the differences between a policy, a standard, and a practice? What are the three types of security policies? Where would each be used? What type of policy would be needed to guide use of the
What is contingency planning? How is it different from routine management planning? What are the components of contingency planning?
When is the IR plan used?
When is the DR plan used?
When is the BC plan used? How do you determine when to use the IR, DR, and BC plans?
What are the five elements of a business impact analysis?
What are Pipkin’s three categories of incident indicators?
What is containment, and why is it part of the planning process?
What is an after-action review? When is it performed? Why is it done?
List and describe the six continuity strategies identified in the text.
Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses,
Search the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example.
Search the Web for examples of issue-specific security policies. What types of policies can you find? Draft a simple issue-specific policy using the format provided in the text that outlines “Fair
Use your library or the Web to find a reported natural disaster that occurred at least 180 days ago. From the news accounts, determine if local or national officials had prepared disaster plans and
Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether or not business continuity plans would be called into play.a. A hacker gets
What is the typical relationship among the untrusted network, the firewall, and the trusted network?
What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?
How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
What is stateful inspection? How is state information maintained during a network connection or transaction?
What is a circuit gateway, and how does it differ from the other forms of firewalls?
What special function does a cache server perform? Why is this useful for larger organizations?
Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
What is a hybrid firewall?
List the five generations of firewall technology. Which generations are still in common use?
How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?
Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?
What is a sacrificial host? What is a bastion host?
What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?
What are the three questions that must be addressed when selecting a firewall for a specific organization?
What is RADIUS? What advantage does it have over TACACS?
What is a content filter? Where is it placed in the network to gain the best result for the organization?
What is a VPN? Why is it becoming more widely used?
Using Figure, create rule(s) necessary for both the internal and external firewalls to allow a remote user to access an internal machine from the Internet using the software Timbuktu. This requires
Using Figure, suppose management wants to create a server farm that is configured to allow a proxy firewall in the DMZ to access an internal Web server (rather than a Web
Using a Microsoft Windows XP, Vista, or 7 system, open Internet Explorer. Click Internet Options on the Tools menu. Examine the contents of the Security and Privacy tabs. How can these tabs be
What common security system is an IDPS most like? In what ways are these systems similar?
How does a false positive alarm differ from a false negative one? From a security perspective, which is least desirable?
How does a network-based IDPS differ from a host-based IDPS?
How does a signature-based IDPS differ from a behavior-based IDPS?
What is a monitoring (or SPAN) port? What is it used for?
List and describe the three control strategies proposed for IDPS control.
What is a honey pot? How is it different from a honey net?
How does a padded cell system differ from a honey pot?
What is network footprinting? What is network fingerprinting? How are they related?
Why do many organizations ban port scanning activities on their internal networks? Why would ISPs ban outbound port scanning by their customers?
What is an open port? Why is it important to limit the number of open ports to only those that are absolutely essential?
What is a vulnerability scanner? How is it used to improve security?
What is the difference between active and passive vulnerability scanners?
What kind of data and information can be found using a packet sniffer?
What capabilities should a wireless security toolkit include?
What is biometric authentication? What does the term biometric mean?
What is a false reject rate? What is a false accept rate? What is their relationship to the crossover error rate?
A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and
What is a key and what is it used for?
What are the three basic operations in cryptography?
What is a hash function, and what can it be used for?
What is the fundamental difference between symmetric and asymmetric encryption?
What are the six components of PKI?
What is the difference between digital signatures and digital certificates?
What is steganography and what can it be used for?
If you were setting up an encryption-based network, what size key would you choose and why?
Visit the NIST Web site and view the document “Announcing the Advanced Encryption Standard (AES)” which can be found at csrc.nist.gov/publications/fips/fips197/fips-197.pdf Review the FIPS-197
What is physical security? What are the primary threats to physical security? How are they made manifest in attacks against the organization?
What are the roles of IT, security, and general management with regard to physical security?
How does physical access control differ from the logical access control described in earlier chapters? How is it similar?
Define a secure facility. What is the primary objective of the design of such a facility? What are some of the secondary objectives of the design of a secure facility?
List and describe the four categories of locks. In which situation is each type of lock preferred?
What are the two possible modes that locks use when they fail? What implications do these modes have for human safety? In which situation is each mode preferred?
What is a mantrap? When should it be used?
What is the most common form of alarm? What does it detect? What types of sensors are commonly used in this type of alarm system?
Describe a physical firewall that is used in buildings. List the reasons why an organization might need firewalls for physical security controls.
What three elements must be present for a fire to ignite and continue to burn? How do fire suppression systems manipulate the three elements to quell fires?
List and describe the three fire detection technologies covered in the chapter. Which is currently the most commonly used?
List and describe the four classes of fire described in the text. Does the class of a fire dictate how to control the fire?
What is Halon, and why is its use restricted?
What is the relationship between HVAC and physical security? What four physical characteristics of the indoor environment are controlled by a properly designed HVAC system? What are the optimal
List and describe the four primary types of UPS systems. Which is the most effective and the most expensive, and why?
What two critical functions are impaired when water is not available in a facility? Why are these functions important to the operation of the organization’s information assets?
List and describe the three fundamental ways that data can be intercepted. How does a physical security program protect against each of these data interception methods?
What can you do to reduce the risk of laptop theft?
Assume that your organization is planning to have a server room that functions without human beings—in other words, the functions are automated (such a room is often called a lights-out server
Assume that you have converted part of an area of general office space into a server room. Describe the factors you would consider when planning for each of the following:a. Walls and doors.b.
Assume that you have been asked to review the power needs for a standalone computer system which processes important but noncritical data and does not have to be online at all times, and which stores
Define the required wattage for a UPS for the following systems:a. Monitor: 2 amps; CPU: 3 amps; printer: 3 amps.b. Monitor: 3 amps; CPU: 4 amps; printer: 3 amps.c. Monitor: 3 amps; CPU: 4 amps;
What is a project plan? List what a project plan can accomplish.
What is the value of a statement of vision and objectives? Why is it needed before a project plan is developed?
What categories of constraints to project plan implementation are noted in the chapter? Explain each of them.
List and describe the three major steps in executing the project plan.
What is a work breakdown structure (WBS)? Is it the only way to organize a project plan?
What is projectitis? How is it cured or its impact minimized?